Setting The Sme Cluster Security Level - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco mds 9000 family storage media encryption configuration guide - release 4.x (ol-18091-01, february 2009)
Hide thumbs Also See for AJ732A - Cisco MDS 9134 Fabric Switch:
Table of Contents

Advertisement

Setting the SME Cluster Security Level

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
To create an SME cluster, follow these steps:
Command
Step 1
switch# config t
Step 2
switch(config)# sme cluster
clustername1
switch(config-sme-cl)#
Step 3
switch(config-sme-cl)# fabric f1
Setting the SME Cluster Security Level
There are 3 levels of security: Basic, Standard, and Advanced. Standard and Advanced security levels
require smart cards.
Table 7-1
Security Level
Basic
Standard
Advanced
To set the SME cluster security level, follow these steps:
Command
Step 1
switch# config t
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
7-4
Volume tape groups
Tape compression
Master Key Security Levels
Definition
The master key is stored in a file and encrypted with a password. To retrieve the
master key, you need access to the file and the password.
Standard security requires one smart card. When you create a cluster and the
master key is generated, you are asked for the smart card. The Master key is then
written to the smart card. To retrieve the master key, you need the smart card and
the smart card pin.
Advanced security requires five smart cards. When you create a cluster and select
Advanced security mode, you designate the number of smart cards (two or three
of five smart cards or two of three smart cards) that are required to recover the
master key when data needs to be retrieved. For example, if you specify two of
five smart cards, then you will need two of the five smart cards to recover the
master key. Each smart card is owned by a Cisco SME Recovery Officer.
The greater the number of required smart cards, the greater the security.
Note
However, if smart cards are lost or if they are damaged, this reduces the
number of available smart cards that could be used to recover the master
key.
Chapter 7
Using the Command Line Interface to Configure SME
Purpose
Enters configuration mode.
Specifies the cluster name and enters SME cluster
configuration submode. A cluster name can include a
maximum of 32 characters.
Adds fabric f1 to the cluster.
Purpose
Enters configuration mode.
OL-18091-01, Cisco MDS NX-OS Release 4.x

Advertisement

Table of Contents
loading

Table of Contents